SNMP Discovery with pfSense #258

Closed
photomatix18 opened this issue Jun 21, 2023 · 8 comments
Labels
next release/in dev image🚀 This is coming in the next release or was already released if the issue is Closed.

Comments

@photomatix18

Describe the issue
I can't seem to get Pi.Alert to ingest the ARP tables from my pfSense box. When I run snmpwalk -v 2c -c public -OXsq 192.168.0.1 .1.3.6.1.2.1.4.22.1.2 from the docker cli, I get the expected output so I know the docker container is able to receive the info.

iso.3.6.1.2.1.4.22.1.2.3.192.168.20.1 "52 54 00 BC CC D4 "
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.10 "52 54 00 57 77 76 "
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.11 "2C A5 9C F0 B3 06 "
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.12 "2C A5 9C F0 B1 91 "
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.13 "EC 71 DB 06 B3 79 "
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.15 "9C 8E CD 38 E2 93 "
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.16 "9C 8E CD 38 E1 F8 "
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.17 "08 A1 89 48 55 D9 "
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.18 "08 A1 89 48 55 75 "

Paste last few lines from pialert.log

You can use tail -20 /home/pi/pialert/front/log/pialert.log

19:09:33 [Plugins] Check if any plugins need to be executed on run type: always_after_scan
19:09:33 [Plugins] ---------------------------------------------
19:09:33 [Plugins] display_name: SNMP discovery
19:09:33 [Plugins] CMD: python3 /home/pi/pialert/front/plugins/snmp_discovery/script.py routers={s-quote}{routers}{s-quote}
19:09:33 [Plugins] Timeout: 5
19:09:33 snmpwalk -v 2c -c public -OXsq 192.168.0.1 .1.3.6.1.2.1.4.22.1.2
19:09:33 [Plugins]: Pre-Resolved CMD: python3/home/pi/pialert/front/plugins/snmp_discovery/script.pyrouters={s-quote}{routers}{s-quote}
19:09:33 [Plugins] Executing: python3 /home/pi/pialert/front/plugins/snmp_discovery/script.py routers={s-quote}{routers}{s-quote}
19:09:33 [Plugins] Resolved : ['python3', '/home/pi/pialert/front/plugins/snmp_discovery/script.py', "routers='snmpwalk -v 2c -c public -OXsq 192.168.0.1 .1.3.6.1.2.1.4.22.1.2'"]
19:09:34 [Plugins] No output received from the plugin SNMPDSC - enable LOG_LEVEL=debug and check logs

Paste your pialert.conf (remove personal info)

#-----------------AUTOGENERATED FILE-----------------#
#                                                    #
#         Generated:  2023-06-20_19-10-06            #
#                                                    #
#   Config file for the LAN intruder detection app:  #
#      https://github.com/jokob-sk/Pi.Alert          #
#                                                    #
#-----------------AUTOGENERATED FILE-----------------#


# General
#---------------------------
ENABLE_ARPSCAN=True
SCAN_SUBNETS=['192.168.0.0/24 --interface=eth0']
LOG_LEVEL='debug'
TIMEZONE='America/Chicago'
ENABLE_PLUGINS=True
PIALERT_WEB_PROTECTION=False
PIALERT_WEB_PASSWORD='8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'
INCLUDED_SECTIONS=['internet','new_devices','down_devices','events']
SCAN_CYCLE_MINUTES=5
DAYS_TO_KEEP_EVENTS=90
REPORT_DASHBOARD_URL='http://pi.alert'
DIG_GET_IP_ARG='-4 myip.opendns.com @resolver1.opendns.com'
UI_LANG='English'
UI_PRESENCE=['online','offline','archived']


# Email
#---------------------------
REPORT_MAIL=False
SMTP_SERVER='smtp.gmail.com'
SMTP_PORT=587
REPORT_TO='user@gmail.com'
REPORT_FROM='Pi.Alert <user@gmail.com>'
SMTP_SKIP_LOGIN=False
SMTP_USER='user@gmail.com'
SMTP_PASS='password'
SMTP_SKIP_TLS=False
SMTP_FORCE_SSL=False


# Webhooks
#---------------------------
REPORT_WEBHOOK=False
WEBHOOK_URL='http://n8n.local:5555/webhook-test/aaaaaaaa-aaaa-aaaa-aaaaa-aaaaaaaaaaaa'
WEBHOOK_PAYLOAD='json'
WEBHOOK_REQUEST_METHOD='GET'


# Apprise
#---------------------------
REPORT_APPRISE=False
APPRISE_HOST='http://localhost:8000/notify'
APPRISE_URL='mailto://smtp-relay.sendinblue.com:587?from=user@gmail.com&name=apprise&user=user@gmail.com&pass=password&to=user@gmail.com'
APPRISE_PAYLOAD='html'


# NTFY
#---------------------------
REPORT_NTFY=False
NTFY_HOST='https://ntfy.sh'
NTFY_TOPIC='replace_my_secure_topicname_91h889f28'
NTFY_USER='user'
NTFY_PASSWORD='passw0rd'


# PUSHSAFER
#---------------------------
REPORT_PUSHSAFER=False
PUSHSAFER_TOKEN='ApiKey'


# MQTT
#---------------------------
REPORT_MQTT=False
MQTT_BROKER='192.168.1.2'
MQTT_PORT=1883
MQTT_USER='mqtt'
MQTT_PASSWORD='passw0rd'
MQTT_QOS=0
MQTT_DELAY_SEC=2


# DynDNS
#---------------------------
DDNS_ACTIVE=False
DDNS_DOMAIN='your_domain.freeddns.org'
DDNS_USER='dynu_user'
DDNS_PASSWORD='A0000000B0000000C0000000D0000000'
DDNS_UPDATE_URL='https://api.dynu.com/nic/update?'


# PiHole
#---------------------------
PIHOLE_ACTIVE=False
DHCP_ACTIVE=False


# Pholus
#---------------------------
PHOLUS_ACTIVE=False
PHOLUS_TIMEOUT=120
PHOLUS_FORCE=False
PHOLUS_RUN='once'
PHOLUS_RUN_TIMEOUT=600
PHOLUS_RUN_SCHD='0 4 * * *'
PHOLUS_DAYS_DATA=7


# Nmap
#---------------------------
NMAP_ACTIVE=True
NMAP_TIMEOUT=150
NMAP_RUN='none'
NMAP_RUN_SCHD='0 2 * * *'
NMAP_ARGS='-p -10000'


# API
#---------------------------
API_CUSTOM_SQL='SELECT * FROM Devices WHERE dev_PresentLastScan = 0'


# DHCPLSS
#---------------------------
DHCPLSS_RUN='disabled'
DHCPLSS_CMD='python3 /home/pi/pialert/front/plugins/dhcp_leases/script.py paths={paths}'
DHCPLSS_paths_to_check=['/mnt/dhcp1.leases','/mnt/dhcp2.leases']
DHCPLSS_RUN_SCHD='0 2 * * *'
DHCPLSS_RUN_TIMEOUT=5
DHCPLSS_WATCH=['Watched_Value1','Watched_Value4']
DHCPLSS_REPORT_ON=['new','watched-changed']


# DHCPSRVS
#---------------------------
DHCPSRVS_RUN='disabled'
DHCPSRVS_CMD='python3 /home/pi/pialert/front/plugins/dhcp_servers/script.py'
DHCPSRVS_RUN_SCHD='0 2 * * *'
DHCPSRVS_RUN_TIMEOUT=5
DHCPSRVS_WATCH=['Watched_Value1']
DHCPSRVS_REPORT_ON=['new','watched-changed']


# NMAPSRV
#---------------------------
NMAPSRV_RUN='disabled'
NMAPSRV_CMD='SELECT  ns.MAC as Object_PrimaryID, cast({s-quote}http://{s-quote} || dv.dev_LastIP as VARCHAR(100)) || {s-quote}:{s-quote} || cast( SUBSTR(ns.Port ,0, INSTR(ns.Port , {s-quote}/{s-quote})) as VARCHAR(100)) as Object_SecondaryID,  datetime() as DateTime,  ns.Service as Watched_Value1, ns.State as Watched_Value2, dv.dev_Name as Watched_Value3,        {s-quote}null{s-quote} as Watched_Value4,        ns.Extra as Extra, ns.MAC as ForeignKey FROM (SELECT * FROM Nmap_Scan) ns left JOIN (SELECT dev_Name, dev_MAC, dev_LastIP FROM Devices) dv  ON ns.MAC = dv.dev_MAC'
NMAPSRV_RUN_SCHD='0 2 * * *'
NMAPSRV_WATCH=['Watched_Value1']
NMAPSRV_REPORT_ON=['new','watched-changed']


# SNMPDSC
#---------------------------
SNMPDSC_RUN='always_after_scan'
SNMPDSC_CMD='python3 /home/pi/pialert/front/plugins/snmp_discovery/script.py routers={s-quote}{routers}{s-quote}'
SNMPDSC_routers=['snmpwalk -v 2c -c public -OXsq 192.168.0.1 .1.3.6.1.2.1.4.22.1.2']
SNMPDSC_RUN_SCHD='* * * * *'
SNMPDSC_RUN_TIMEOUT=5
SNMPDSC_WATCH=['Watched_Value2']
SNMPDSC_REPORT_ON=['new','watched-changed','watched-not-changed']


# UNDIS
#---------------------------
UNDIS_RUN='disabled'
UNDIS_CMD='python3 /home/pi/pialert/front/plugins/undiscoverables/script.py devices={devices}'
UNDIS_RUN_TIMEOUT=10
UNDIS_devices_to_import=['dummy_router']


# UNFIMP
#---------------------------
UNFIMP_RUN='disabled'
UNFIMP_CMD='python3 /home/pi/pialert/front/plugins/unifi_import/script.py username={username} password={password}  host={host} sites={sites}  protocol={protocol} port={port} version={version}'
UNFIMP_username=''
UNFIMP_password=''
UNFIMP_protocol='https://'
UNFIMP_host='192.168.1.1'
UNFIMP_port='8443'
UNFIMP_version=''
UNFIMP_sites=['default']
UNFIMP_RUN_SCHD='0 2 * * *'
UNFIMP_RUN_TIMEOUT=5
UNFIMP_WATCH=['Watched_Value1','Watched_Value4']
UNFIMP_REPORT_ON=['new','watched-changed']


# WEBMON
#---------------------------
WEBMON_RUN='disabled'
WEBMON_CMD='python3 /home/pi/pialert/front/plugins/website_monitor/script.py urls={urls}'
WEBMON_RUN_SCHD='0 2 * * *'
WEBMON_API_SQL='SELECT * FROM plugin_website_monitor'
WEBMON_RUN_TIMEOUT=5
WEBMON_WATCH=['Watched_Value1']
WEBMON_REPORT_ON=['new','watched-changed']
WEBMON_urls_to_check=['https://google.com','https://duck.com']
WEBMON_SQL_internet_ip='SELECT dev_LastIP FROM Devices WHERE dev_MAC = {s-quote}Internet{s-quote}'


#-------------------IMPORTANT INFO-------------------#
#   This file is ingested by a python script, so if  #
#        modified it needs to use python syntax      #
#-------------------IMPORTANT INFO-------------------#

Paste your docker-compose.yml and .env (remove personal info)

docker run

docker run
  -d
  --name='PiAlert'
  --net='br0'
  --ip='192.168.0.3'
  -e TZ="America/Chicago"
  -e HOST_CONTAINERNAME="PiAlert"
  -e 'TZ'='America/Chicago'
  -e 'TCP_PORT_20211'='20211'
  -v '/mnt/user/appdata/pialert/config':'/home/pi/pialert/config':'rw'
  -v '/mnt/user/appdata/pialert/db':'/home/pi/pialert/db':'rw'
  -v '/mnt/user/appdata/pihole-dot-doh/pihole/pihole-FTL.db':'/etc/pihole/pihole-FTL.db':'rw' 'jokobsk/pi.alert' 
@jokob-sk
Owner

Hi there,

Can you please verify that your returned data has the same format as described in the docs here?

https://github.com/jokob-sk/Pi.Alert/tree/main/front/plugins/snmp_discovery

This issue might be relevant too:
https://github.com/jokob-sk/Pi.Alert/issues/256

@jokob-sk jokob-sk added the Waiting for reply⏳ Waiting for the original poster to respond, or discussion in progress. label Jun 21, 2023
@photomatix18
Author

This is my output
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.1 "52 54 00 BC CC D4 "

Compared to what is expected
iso.3.6.1.2.1.3.1.1.2.3.1.192.168.1.2 "6C 6C 6C 6C 6C 6C "

The only difference I can see is the amount of characters in the strings. Would that affect anything?

jokob-sk added a commit that referenced this issue Jun 23, 2023
@jokob-sk
Owner

Hi!

Thanks for checking!

The SNMP Discovery script is pretty simple:

https://github.com/jokob-sk/Pi.Alert/blob/a318a15cad0d1835b871b4fd27e0a5c040bd7e67/front/plugins/snmp_discovery/script.py#L91

The processing of the output is pretty strict and tested only on the mentioned use-case.

I tried fixing the script for your input, but I'd need you to test this to verify this fix:

jokob-sk/Pi.Alert@a318a15

To test this, grab the latest dev build here:

https://registry.hub.docker.com/r/jokobsk/pi.alert_dev

If this doesn't work, feel free to submit a PR to the above code file that would process pfsense entries appropriately.

Thanks,
j
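The two output shapes compared above differ only in the OID prefix and index length, so a parser that keys on the trailing IPv4 index and the six quoted hex bytes handles both. This is an added example, not the plugin's script: the table OIDs and the first two sample lines come from this thread, the third sample line is constructed to show a rejected value.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: one line in the pfSense shape (ipNetToMediaPhysAddress,
# .1.3.6.1.2.1.4.22.1.2), one in the shape the plugin docs expect
# (atPhysAddress, .1.3.6.1.2.1.3.1.1.2), and one malformed line to be dropped.
SAMPLE_OUTPUT = """\
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.1 "52 54 00 BC CC D4 "
iso.3.6.1.2.1.3.1.1.2.3.1.192.168.1.2 "6C 6C 6C 6C 6C 6C "
iso.3.6.1.2.1.4.22.1.2.3.192.168.20.99 "not a mac"
"""

# OID suffixes (after "iso."/"1.") of the two MIB-II ARP-style tables seen here.
ARP_TABLE_OIDS = ("3.6.1.2.1.4.22.1.2", "3.6.1.2.1.3.1.1.2")

_LINE_RE = re.compile(
    r'^(?:iso|\.?1)\.(?P<oid>[0-9.]+?)'               # table OID plus index
    r'\.(?P<ip>(?:\d{1,3}\.){3}\d{1,3})'              # trailing IPv4 index
    r'\s+"(?P<mac>(?:[0-9A-Fa-f]{2}\s*){6})"\s*$'     # six quoted hex bytes
)


class ArpEntry(NamedTuple):
    ip: str
    mac: str


def parse_line(line: str) -> Optional[ArpEntry]:
    """Return (ip, mac) for one snmpwalk -OXsq ARP line, or None if rejected."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    # The OID must be one of the known tables followed by its index
    # (ifIndex, plus a further sub-index in the atPhysAddress shape).
    oid = m.group("oid")
    if not any(oid == t or oid.startswith(t + ".") for t in ARP_TABLE_OIDS):
        return None
    ip = m.group("ip")
    if any(int(octet) > 255 for octet in ip.split(".")):
        return None
    mac = ":".join(m.group("mac").split()).upper()
    return ArpEntry(ip, mac)


def parse_snmpwalk(output: str) -> List[ArpEntry]:
    """Parse every line of snmpwalk output, silently skipping lines that do not fit."""
    return [e for e in (parse_line(l) for l in output.splitlines()) if e is not None]
```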

@jokob-sk jokob-sk added the next release/in dev image🚀 This is coming in the next release or was already released if the issue is Closed. label Jun 23, 2023
@photomatix18
Author

Fantastic, that works!
[image attachment]

@jokob-sk
Owner

Keeping open until in production image.

@jokob-sk jokob-sk removed the Waiting for reply⏳ Waiting for the original poster to respond, or discussion in progress. label Jun 24, 2023
@ajtatum

ajtatum commented Jul 14, 2023

Would this theoretically also work with OPNsense as well since they're somewhat similar?

@jokob-sk
Owner

It should if the protocol is respected. You can test this in the _dev image :)

@jokob-sk
Owner

Should be included in the latest release > Closing
